Wouldn’t it be great if you could walk into a meeting room and were immediately able to wirelessly share content from your laptop, tablet or smartphone with the room’s monitor?
No need for wired connectivity, no time wasted looking for that VGA cable under the table or the Lightning/DisplayPort-to-VGA adapter you left in your bag…
This doesn’t sound so difficult, right?
You just buy a Google Chromecast or an Apple TV, you connect it via HDMI to the meeting room’s monitor, you turn on your Enterprise WiFi network and you SHOULD be able to mirror your OS X/iOS screen to the Apple TV or your Android screen to Chromecast.
However, you need to remember that Apple TV and Chromecast have been designed for Home use, not Enterprise use. At home, consumer devices are typically made to work within a single Layer 2 domain and ideally with as little manual configuration as possible. This is facilitated by Zeroconf protocols (https://en.wikipedia.org/wiki/Zero-configuration_networking) such as Bonjour, which is Apple’s implementation of Zeroconf using mDNS (multicast DNS) and DNS-SD (DNS Service Discovery).
In the past, Chromecast used another flavor of Zeroconf, based on DIAL and UPnP, but now it looks like it has also moved to mDNS (http://blogs.cisco.com/wireless/how-to-manage-chromecast-at-your-school), which should make it interoperable with Bonjour-based discovery.
For a detailed description of how Bonjour works, please refer to Apple’s Bonjour Overview at https://developer.apple.com/library/mac/documentation/Cocoa/Conceptual/NetServices/Articles/about.html#//apple_ref/doc/uid/TP40002458-SW1 or to the following Cisco Enterprise BYOD (Bring Your Own Device) Design Guide: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Bonjour.html#pgfId-1005759
Anyway, the important point here is that the above protocols work fine in a single L2 domain, because this is what they have been designed for, but in an Enterprise environment things start breaking.
This is because Zeroconf technologies cannot work in a scalable, sustainable fashion between different L3 domains (which is how Enterprise networks are hopefully designed).
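Why discovery stays inside one L2 domain, as an added example that is not part of the original post: the sketch below builds and decodes the DNS-SD browse question a client multicasts to find AirPlay receivers, and checks that the mDNS destination group lies in the 224.0.0.0/24 block that routers do not forward. The service type `_airplay._tcp.local` and all function names are assumptions chosen for illustration.

```python
import ipaddress
import struct

MDNS_GROUP = "224.0.0.251"   # IPv4 mDNS multicast group (RFC 6762)
MDNS_PORT = 5353             # mDNS UDP port
QTYPE_PTR, QCLASS_IN = 12, 1

def encode_name(name):
    """Encode a DNS name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_ptr_query(service):
    """DNS-SD browse: one PTR question for the service type, ID and flags 0."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)
    return header + encode_name(service) + struct.pack("!2H", QTYPE_PTR, QCLASS_IN)

def parse_query(packet):
    """Decode a single-question query (name compression is not handled)."""
    _id, _flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", packet[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, qclass = struct.unpack("!2H", packet[pos + 1:pos + 5])
    # The top bit of the class field is the mDNS unicast-response flag.
    return ".".join(labels), qtype, qclass & 0x7FFF

def stays_on_link(group=MDNS_GROUP):
    """True if the group is in the Local Network Control Block (RFC 5771),
    which routers do not forward off the local subnet."""
    return ipaddress.ip_address(group) in ipaddress.ip_network("224.0.0.0/24")

if __name__ == "__main__":
    pkt = build_ptr_query("_airplay._tcp.local")
    print(parse_query(pkt), "->", MDNS_GROUP, MDNS_PORT)
    print("confined to local subnet:", stays_on_link())
```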
But have no fear, Cisco Bonjour Gateway (a.k.a. Service Discovery Gateway) comes to the rescue!
This is a feature available in Cisco platforms such as Wireless LAN Controllers and Enterprise Switches (for example, WLC5500, C3850, C6500, etc.) that allows snooping and caching all Bonjour service advertisements across multiple subnet boundaries. Cloud Managed Wireless by Cisco Meraki has also recently implemented support for Bonjour Gateway (https://meraki.cisco.com/technologies/bonjour-gateway).
As a result, Zeroconf discovery of devices such as Apple TV is enabled across different L2 domains and now your iPhone, on VLAN 11, can mirror its screen to the Apple TV on VLAN 22 in the Enterprise’s network.
The magic is explained in: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Bonjour.html#pgfId-1005839
On top of that, Bonjour Gateway gives you the additional benefit of user-based, location-aware policies:
The Director in your company does not want Staff to be able to stream content to the Apple TV in his office.
He wants his Assistant however, to have access to all Apple TVs in all Buildings, including the Apple TV in his office.
Staff should only discover the shared Apple TVs on each floor, located in the meeting rooms, but we don’t want to make their life too difficult:
As they move between floors, they should only have visibility of the Apple TVs on a specific floor.
Why should John, the HR specialist, spend time on his iPhone scrolling down a list of 10+ Apple TVs spread across four different floors, when there is only one Apple TV in the meeting room where he is currently located?
This is what Bonjour Policies are all about: http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/WLAN-Bonjour-DG.html#pgfId-47580
They combine information about who the user is (802.1X user-id), what role he has (group attribute in Active Directory) and where he is located (metadata coming from Access Points) to define which services (e.g. which Apple TVs, which AirPrint printers) can be discovered.
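The Director/Assistant/Staff scenario above, modelled as an added example (this is not Cisco configuration or code from the original post): a gateway-style filter that decides which cached advertisements a client may discover from its role and current floor. The service names, role strings, floor numbers and the default-deny rule for unknown roles are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str      # advertised instance name held in the gateway cache
    floor: int     # floor of the advertising Apple TV
    shared: bool   # True for meeting-room units, False for private offices

@dataclass(frozen=True)
class Client:
    user: str      # 802.1X user-id
    role: str      # group attribute from the directory
    floor: int     # location derived from the Access Point in use

# Constructed sample cache of snooped advertisements.
CACHE = [
    Service("MeetingRoom-1F", 1, True),
    Service("MeetingRoom-2F", 2, True),
    Service("MeetingRoom-3F", 3, True),
    Service("Director-Office", 3, False),
]

# One rule per role: may this client discover this service?
POLICY = {
    # The Assistant sees every Apple TV, including the Director's office.
    "assistant": lambda c, s: True,
    # Staff see only shared units on the floor they are currently on.
    "staff": lambda c, s: s.shared and s.floor == c.floor,
}

def visible_services(client, cache=CACHE):
    """Return the service names the gateway would answer this client with."""
    rule = POLICY.get(client.role)
    if rule is None:
        return []  # assumption: roles without a rule discover nothing
    return sorted(s.name for s in cache if rule(client, s))

if __name__ == "__main__":
    for c in (Client("john", "staff", 2), Client("john", "staff", 3),
              Client("anna", "assistant", 1), Client("visitor", "guest", 3)):
        print(c.user, c.role, "floor", c.floor, "->", visible_services(c))
```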
Ok, great!
Are we done?
Can we now successfully deploy Apple TVs in an Enterprise environment?
Just be aware of the following complications:
Apple TVs do support 802.1X authentication as WiFi endpoints, which should be the preferred approach in an Enterprise WiFi network, but the process is not straightforward.
You need to configure an 802.1X profile via Apple Configurator (an Apple application that runs only on OS X) and download it to each and every Apple TV in your enterprise via a micro-USB cable connected between the Apple TV and the Mac where the Apple Configurator is running. Ouch!
Also, recent HW revisions of Apple TVs and iPhones allow peer-to-peer discovery (via Bluetooth) and mirroring (peer-to-peer AirPlay) without needing to connect your OS X or iOS device and the Apple TV to the same WiFi network.
Peer-to-Peer AirPlay is described at https://support.apple.com/en-us/HT204289
Think twice before you go down that path however:
You will lose all the Policy control capabilities provided by Bonjour Gateway (role-based, location-awareness) and at the same time rely on basic security provided by the Apple TV itself (on screen code/shared password/device verification – no 802.1X for endpoints).
In that case, you might as well consider a completely different approach to content sharing within the meeting room and try Cisco Intelligent Proximity:
https://www.youtube.com/watch?v=ycpcEtxl7Yk
Wifi is boring, let’s go for Ultrasonic!